Examining the Follina and Confluence Vulnerabilities: Risks, Remediation, and Vulnerability Management

  • Home
  • Blog
  • Examining the Follina and Confluence Vulnerabilities: Risks, Remediation, and Vulnerability Management

No single piece of software is perfect, and vulnerabilities are common; but when you consider that the average cost of a data breach was over $4 million in 2021, it is of paramount importance to consider how your business prepares for and reacts to vulnerabilities with a robust software risk management plan.

Two high-profile vulnerabilities that recently made headlines were Follina, a Microsoft Office zero-day, and a bug in Atlassian’s Confluence Server and Data Center. Patches have been released for both, and it’s critical that organizations update their systems; otherwise, cybercriminals will continue to exploit the flaws.

Have you updated yours?

Let’s take a closer look at what Follina and Confluence are and how best to stay on top of vulnerability management.

Follina Vulnerability

Follina is a critical zero-day vulnerability that impacted all major versions of Windows, including Windows 11, Windows 10, Windows 8.1 and Windows 7. Follina allows hackers to run malware remotely on Windows without being identified by Windows Defender or any other security software.

The exploit got the name Follina because the sample file references 0438, which is the area code of Follina, Italy.

The attack was explicitly linked to the Microsoft Support Diagnostic Tool (MSDT), with hackers running PowerShell commands through MSDT when opening malicious Office documents. It targeted Word’s remote template feature to retrieve an HTML file from a remote web server and then used the MSDT protocol to load code and execute the PowerShell commands.

Confluence Vulnerability

Atlassian recently disclosed a critical vulnerability affecting its Confluence Server and Data Center that enabled an unauthenticated attacker to execute arbitrary code on an affected instance. The vulnerability existed in an app, Questions for Confluence, which, when enabled on a Confluence Server or Data Center, created a user account with a hardcoded password that would migrate data from the app to the cloud. The password was published on social media, allowing attackers to log in remotely and exploit sensitive data.

If you’re self-hosting Atlassian Confluence, you must get the patch deployed as quickly as possible.

Take a collective approach to vulnerability management

Follina and Confluence have highlighted a lack of visibility within organizations regarding cybersecurity policies and processes, which is a common issue. Take vulnerability management, for example. The fewer people involved in this process, the greater the risk, as it leaves you with limited knowledge of any potential threats.

Agreeing on a collective approach to vulnerability management is critical to business-as-usual activities.

This is especially true when you consider that many issues arise as a result of employees independently adopting certain types of software in an attempt to make their job easier, without much thought for security. It’s important to take a risk-based approach to vulnerability management and use simple techniques, such as scanning the right assets regularly to identify potential threats or gaps in your security. This includes applications that aren’t routinely used but still form part of your operations.

Establishing a clear vulnerability management plan, or software risk management plan, that onboards all team members can help identify threats that are not straightforward to fix. This will help ensure that these threats are addressed as early as possible. The top three key things to consider are:

Assess all systems – When it comes to conducting threat assessments, don’t just look at systems that are in everyday use. Consider all platforms deemed critical to your business, even those that aren’t used regularly.

Vulnerability scanning – Utilize scanning to observe and manage the entire vulnerability lifecycle. This will not only identify potential threats within your network but also reduce the risk of exposure.

Think outside the box – It’s important to remember that the threat landscape is constantly evolving. As a result, you must protect yourself and your organization against techniques that are outside the norm, such as SMiShing, which is on the rise.

What is SMiShing?

In recent years, there has been a sharp rise in the number of SMiShing, or SMS phishing, attacks. What looks like an innocent text message from a reputable company can, in fact, be far more sinister. In 2020 alone, the FBI estimated that this new form of cyberattack cost US citizens over $50 million.

Hackers send SMS messages that appear to be a demand for late payment, encouraging people to click a link and submit secure information to avoid further action. What has actually happened is that an individual has unwittingly downloaded malware or shared sensitive details with cybercriminals, which can then be used to exploit the organization.

Unfortunately, it’s becoming increasingly difficult to distinguish a real SMS from a SMiShing message. As technology becomes more sophisticated, so do hackers’ techniques; yet, the average human remains easy to fool. Just because a message says it’s from Amazon, how do we know it actually is? For this reason, many businesses are turning to applications such as ‘Android for Business’, which ensures all sensitive data is sandboxed from external users.

At SureCloud, we provide sophisticated social engineering tests to illuminate where vulnerabilities like SMiShing might exist. Take a look at our Social Engineering & Phishing Simulation Services for more information.

Would you like to talk to us and find out more about our services?

Please fill in the form below and one of the team will get in touch.